[ - ] KCobain27 [op] 1 point 3.8 years ago (Jul 22, 2021 19:09:33) (+1/-0)
Catbox used to correctly switch the file extension for jpg files masquerading as webp's. So did pic8. I just tried pic8 and it didn't correct it either: https://pic8.co/sh/Vmr6PE.jpg
Sorry I used to convert all webp's back when I used a Legacy-Firefox browser that didn't support them. But now even that browser has been updated to support webp, so the only way for me to tell now is to download the file and check its properties.
I agree that reddit doing the auto=webp was/is bullshit. But I'd like to know more about how you think this could be exploitable. The browser or image viewer will either correctly identify it as a webp & display it, or they won't.
I will make more of an effort to discern these webp's from now on. I thought it was weird Voat wasn't able to generate a thumbnail but figured it was because of the high resolution.
[ - ] try 2 points 3.8 years ago (Jul 22, 2021 16:07:55) (+2/-0)*
==========
Possible zer0 day EXPLOIT fake jpg image to root your machine!!!
Caution to people worried about Feds...
OP LINK FAKE FILE STREAM!!!!
======
The link FALSELY claims to be a JPG ! :
~~~
https://files.catbox.moe/wyem8c.jpg
~~~
If you disable all traces of webp from Firefox to make the internet only send real JPEG or send real PNG, that OP link is a scam and goes to illegal web http server code and swaps the byte stream from JPG to WEBP. It does not send a JPG using that link to ANY brand of browser!
I never until now saw this in my life from catbox links here with WebP disabled fully in Firefox.
In my Firefox I have set all three spots to force unacceptance of Webp shit files:
about:config, remove "image/webp," from image.http.accept
in about:config remove "image/webp," from network.http.accept.default.
third step (most drastic) :
also in about:config set "FALSE" image.webp.enabled
"silent image swap to WebP" was a foolish feature of saving bytes on Reddit.com, but webp and its DRM nonsense and user tracking salted internal data, needs to be banned.
Normally in 2021 , image.webp.enabled is set True for kikery, and normally in 2021 image.http.accept and network.http.accept.default allow this abomination.
OP LINK IS A BROKEN LINK!
=========
That server refuses to send a jpg file!
*I VERIFIED MY FACTS using old 2014 Apple Safari on three devices !
====
2014 Apple Safari, and any other older browser, also FAILS to render or show OP's fake link! The file it sends fails to open in any graphic program that accepts jpg (it is really a WEBPVP8 container):
~~~
https://files.catbox.moe/wyem8c.jpg
~~~
swapping byte streams is dangerous... it is how .exe files, .pdf zero days, and similar payloads can get delivered into target machines
Someone should post a REAL jpg of that OP link and stop trying to honeypot voat users by early probe penetration testing methods.*
WebP has had remote exploits in the past.
FAKE LINKS should be banned on voat or auto rejected! ONLY REAL files!
The CIA/FBI has no doubt COUNTLESS remote exploit zero-day ways to hack citizens using the mammoth over-engineered JPEG XR file container :
https://en.wikipedia.org/wiki/JPEG_XR but to get a target suspect to open and decode a JPEG XR requires them to be tricked into accepting a WebP (https://en.wikipedia.org/wiki/WebP)
FBI/SPLC/ADL/MOSSAD wants to root you and wants you to open up their PDFS and WebPs
[ - ] try 2 points 3.8 years ago (Jul 22, 2021 16:19:45) (+2/-0)
OP LINK IS A BROKEN LINK!
=========
That server refuses to send a jpg file!
*I VERIFIED MY FACTS using old 2014 Apple Safari on three devices !
====
2014 Apple Safari, and any other older browser, also FAILS to render or show OP's fake link! The file it sends fails to open in any graphic program that accepts jpg (it is really a WEBPVP8 container):
~~~
https://files.catbox.moe/wyem8c.jpg
~~~
swapping byte streams is dangerous... it is how .exe files, .pdf zero days, and similar payloads can get delivered into target machines
Someone should post a REAL jpg of that OP link and stop trying to honeypot voat users by early probe penetration testing methods.*
WebP has had remote exploits in the past.
FAKE LINKS should be banned on voat or auto rejected! ONLY REAL files!
The CIA/FBI has no doubt COUNTLESS remote exploit zero-day ways to hack citizens using the mammoth over-engineered JPEG XR file container :
https://en.wikipedia.org/wiki/JPEG_XR but to get a target suspect to open and decode a JPEG XR requires them to be tricked into accepting a WebP (https://en.wikipedia.org/wiki/WebP)
FBI/SPLC/ADL/MOSSAD wants to root you and wants you to open up their PDFS and WebPs
[ - ] KCobain27 [op] 1 point 3.8 years ago (Jul 22, 2021 19:09:33) (+1/-0)
Here is an actual jpg version of that image (it is big about 1MB): https://files.catbox.moe/ug84l6.jpg
I promise there is nothing nefarious with me posting this, I saw a smaller version of the photo and got the highest quality from a reverse image search. This was the original image I mirrored to catbox: https://i0.wp.com/www.pipermackayphotography.com/wp-content/uploads/2011/07/XXKenya0509201.jpg
From this webpage: https://www.pipermackayphotography.com/2011/07/national-geographic-maybe/
Sorry I used to convert all webp's back when I used a Legacy-Firefox browser that didn't support them. But now even that browser has been updated to support webp, so the only way for me to tell now is to download the file and check its properties.
I agree that reddit doing the auto=webp was/is bullshit. But I'd like to know more about how you think this could be exploitable. The browser or image viewer will either correctly identify it as a webp & display it, or they won't.
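The check described in the comment above (download the file and see what it really is), as an added example that is not part of the original thread: it identifies a payload from its leading bytes and compares that with what the URL extension and the `Content-Type` header claim. The URL, the sample payloads and the function names are constructed for illustration.

```python
import struct
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Leading-byte signatures for the file types mentioned in the thread.
SIGNATURES = [("jpeg", b"\xff\xd8\xff"), ("png", b"\x89PNG\r\n\x1a\n"),
              ("pdf", b"%PDF-"), ("pe-executable", b"MZ")]
EXT_TO_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
               ".webp": "webp", ".pdf": "pdf", ".exe": "pe-executable"}
MIME_TO_TYPE = {"image/jpeg": "jpeg", "image/png": "png",
                "image/webp": "webp", "application/pdf": "pdf"}


def sniff(data: bytes) -> str:
    """Identify a payload from its leading bytes, ignoring name and headers."""
    # WebP is a RIFF container: "RIFF", u32 little-endian size, "WEBP",
    # then a first chunk tagged "VP8 " (lossy), "VP8L" or "VP8X".
    if len(data) >= 16 and data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "webp" if data[12:16] in (b"VP8 ", b"VP8L", b"VP8X") else "unknown"
    for name, magic in SIGNATURES:
        if data.startswith(magic):
            return name
    return "unknown"


def check_download(url: str, content_type: str, body: bytes) -> dict:
    """Compare what the URL extension and Content-Type claim with the bytes."""
    ext = PurePosixPath(urlparse(url).path).suffix.lower()
    mime = content_type.split(";")[0].strip().lower()
    url_says = EXT_TO_TYPE.get(ext, "unknown")
    header_says = MIME_TO_TYPE.get(mime, "unknown")
    actual = sniff(body)
    return {"url_says": url_says, "header_says": header_says, "bytes_are": actual,
            "extension_mismatch": url_says != actual,
            "header_mismatch": header_says != actual}


# Constructed sample payloads (file headers only, not real images).
WEBP_SAMPLE = b"RIFF" + struct.pack("<I", 12) + b"WEBP" + b"VP8 " + struct.pack("<I", 0)
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01"

if __name__ == "__main__":
    # Hypothetical URL: a .jpg link whose response body is a WebP container.
    print(check_download("https://example.invalid/photo.jpg", "image/webp", WEBP_SAMPLE))
    print(check_download("https://example.invalid/photo.jpg", "image/jpeg", JPEG_SAMPLE))
```

An extension mismatch with a matching header means the server negotiated a different format for the same URL; a header mismatch means the response mislabels its own body, which is the case worth flagging before the file reaches a decoder.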
[ - ] try 1 point 3.8 years ago (Jul 22, 2021 19:20:24) (+1/-0)*
JPG and PNG have had almost no remote exploits since 2012, unlike the deep state spooks exploiting WebP.
I have no doubt WebP has more unrevealed CIA zer0-days in it.
August 2020 :
Microsoft Windows WebP Image Extension RCE (August 2020):
https://www.tenable.com/plugins/nessus/140596
If you had your browser set to broadcast lack of support for WebP shit, you were safe all through 2020.
July 21 2021? Yep, more exploitable defects for macintosh too:
https://vulners.com/zdi/ZDI-21-893
That revelation from anonymous on July 22 2021, half a day ago, is UNPATCHED ON ALL MACS using latest safari!!!!
And it's already been leveraged by CIA/FBI/MOSSAD all last month.
In May another defect on macs: "ZDI-21-598" discovered using fuzzing tools that repair internal checksums after fuzz.
https://en.wikipedia.org/wiki/Fuzzing
*I TRIED TO WARN YOU GOATS, but JIDF shills here want my info suppressed!
=========
And it's only known on this site here, voat.xyz, and wherever I deem worthy to warn cyber-punks like vulners.com
[ - ] KCobain27 [op] 0 points 3.8 years ago (Jul 22, 2021 20:25:39) (+0/-0)
[ - ] IfuckedYerMum 1 point 3.8 years ago (Jul 22, 2021 21:39:09) (+1/-0)
[ - ] account deleted by user 1 point 3.8 years ago (Jul 22, 2021 20:55:30) (+1/-0)
[ - ] fightknightHERO 1 point 3.8 years ago (Jul 22, 2021 15:14:48) (+1/-0)
[ - ] ButtToucha9000 -1 points 3.8 years ago (Jul 22, 2021 15:24:52) (+0/-1)
[ - ] robotflex 0 points 3.8 years ago (Jul 22, 2021 16:24:17) (+0/-0)
[ - ] KCobain27 [op] 0 points 3.8 years ago (Jul 22, 2021 19:10:50) (+0/-0)